libpod: always use direct mapping

always use the direct mapping when writing the mappings for an idmapped mount. crun was previously using the reverse mapping, which is not correct and it is being addressed here: https://github.com/containers/crun/pull/1147 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-05-21 00:56:36 +08:00 · 2023-02-20 14:05:04 +01:00
parent b55df7f151
commit af8d649da7
4 changed files with 30 additions and 44 deletions
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@ -74,7 +74,7 @@ func parseOptionIDs(option string) ([]idtools.IDMap, error) {
 	return ret, nil
 }

-func parseIDMapMountOption(idMappings stypes.IDMappingOptions, option string, invert bool) ([]spec.LinuxIDMapping, []spec.LinuxIDMapping, error) {
+func parseIDMapMountOption(idMappings stypes.IDMappingOptions, option string) ([]spec.LinuxIDMapping, []spec.LinuxIDMapping, error) {
 	uidMap := idMappings.UIDMap
 	gidMap := idMappings.GIDMap
 	if strings.HasPrefix(option, "idmap=") {
@ -101,33 +101,17 @@ func parseIDMapMountOption(idMappings stypes.IDMappingOptions, option string, in
 	uidMappings := make([]spec.LinuxIDMapping, len(uidMap))
 	gidMappings := make([]spec.LinuxIDMapping, len(gidMap))
 	for i, uidmap := range uidMap {
-		if invert {
-			uidMappings[i] = spec.LinuxIDMapping{
-				HostID:      uint32(uidmap.ContainerID),
-				ContainerID: uint32(uidmap.HostID),
-				Size:        uint32(uidmap.Size),
-			}
-		} else {
-			uidMappings[i] = spec.LinuxIDMapping{
-				HostID:      uint32(uidmap.HostID),
-				ContainerID: uint32(uidmap.ContainerID),
-				Size:        uint32(uidmap.Size),
-			}
+		uidMappings[i] = spec.LinuxIDMapping{
+			HostID:      uint32(uidmap.HostID),
+			ContainerID: uint32(uidmap.ContainerID),
+			Size:        uint32(uidmap.Size),
 		}
 	}
 	for i, gidmap := range gidMap {
-		if invert {
-			gidMappings[i] = spec.LinuxIDMapping{
-				HostID:      uint32(gidmap.ContainerID),
-				ContainerID: uint32(gidmap.HostID),
-				Size:        uint32(gidmap.Size),
-			}
-		} else {
-			gidMappings[i] = spec.LinuxIDMapping{
-				HostID:      uint32(gidmap.HostID),
-				ContainerID: uint32(gidmap.ContainerID),
-				Size:        uint32(gidmap.Size),
-			}
+		gidMappings[i] = spec.LinuxIDMapping{
+			HostID:      uint32(gidmap.HostID),
+			ContainerID: uint32(gidmap.ContainerID),
+			Size:        uint32(gidmap.Size),
 		}
 	}
 	return uidMappings, gidMappings, nil
@ -304,7 +288,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 		for _, o := range m.Options {
 			if o == "idmap" || strings.HasPrefix(o, "idmap=") {
 				var err error
-				m.UIDMappings, m.GIDMappings, err = parseIDMapMountOption(c.config.IDMappings, o, true)
+				m.UIDMappings, m.GIDMappings, err = parseIDMapMountOption(c.config.IDMappings, o)
 				if err != nil {
 					return nil, err
 				}